ImageMagick CVE-2017-17681 Denial of Service Vulnerability

ImageMagick is prone to a denial-of-service vulnerability.

An attacker may exploit this issue to cause CPU exhaustion, resulting in denial-of-service conditions.

ImageMagick 7.0.7-12 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 102206
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2017-17681

Remote: Yes
Local: No
Published: Dec 14 2017 12:00AM
Updated: Dec 18 2017 03:13PM
Credit: NSFocus Security Team.
Vulnerable: ImageMagick ImageMagick 7.0.7-12

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

ImageMagick Homepage (ImageMagick)
CPU exhaustion in ReadPSDChannelZip #869 (Github)
Test Case (Github)

Source: www.securityfocus.com

Exploit Collector

Search Exploit